2013-07-03 website hosting at vilnius university by eligijus račkauskas senior programmer at vu...
TRANSCRIPT
2013-07-03
Website Hostingat
Vilnius University
by Eligijus Račkauskas
senior programmer at VU ITTC
• 596 hosted websites in several groups:– main website of the University and University
news websites– University departments/subdivisions– University projects and conferences– University staff blogs– websites of other Lithuanian research and
education institutions (schools, kindergartens etc)
info.tinklas.vu.lt
749th on Webometrics ranking (January, 2013)2013-07-03 VU, ITTC
Hardware
• SUN SPARC T5220 (8 CPU 8 core each)– LDOM or Zones
• Vmware• SAN and NAS storages
– 2 GB by default– 1 GB for schools, 0.5 GB for blogs – extra space on demand
2013-07-03 VU, ITTC
Software
Open source• Solaris• Apache• suPHP• PHP• MySQL
Most used CMS:• WordPress• Joomla
CMS ImpressPages (developed by Lithuanian programmers)
2013-07-03 VU, ITTC
Securing websites (1)
11 corrupted websites detected during the last half year mainly due to outdated CMS.Hackers now try:• Guess passwords intensively on WordPress
and Joomla from botnets• Well known CMS holes• SQL injection attacks• Spamming of web forms (leave comments,
send mail)Hack, sit quiet a month or two and then begin spamming or do something else.2013-07-03 VU, ITTC
Securing websites (2)
PHP• allow_url_fopen Off• allow_url_include Off• disable_functions system, exec, shell_exec, passthru,
proc_close, proc_get_status, proc_open, proc_nice, proc_terminate, popen, pclose, symlink, link, disk_free_space, disk_total_space, highlight_file, chown, chgrp
• display_errors Off
2013-07-03 VU, ITTC
Securing websites (3)
• FTP access from Lithuanian ISP • WordPress and Joomla login page from
Lithuania or University network• Monitoring by Nagios and Cacti, SMS
alerts• Cron scripts counts POST requests from
Apache logs• Other tools like paranoia and suspicion
• Blocking suspicious IP on Apache or ipfilter
• Disabling abusing website
2013-07-03 VU, ITTC
When corruption detected
• Block website (whole or a part of it)• Search for vulnerability• Patch the hole / restore website• Inform website’s administrator
about the incident• Check other sites for the
vulnerabilities• Apply preventive means
2013-07-03 VU, ITTC
Staff blogs
• web.vu.lt/department/n.surname• WordPress account or “free” resources• Mostly used for teaching purposes
(summaries, assignments etc.)
• WordPress Multisite– one installation for a department– slightly adapted core for account name
with dot symbol• few lines in wp-admin/network/site-new.php
and .htaccess2013-07-03 VU, ITTC
Problems
• Outdated Content Management Systems (CMS)– targets for hackers– forced to support old PHP versions
• Websites administrators lacking of IT experience (non IT staff mainly)
• Growing flow of junk• No possibility to use reverse proxy
servers2013-07-03 VU, ITTC
Future plans
• Move websites to Vmware environment
• Use FastCGI• Get into the top 500 on
Webometrics
2013-07-03 VU, ITTC
Something more
• SSO• https://filesender.vu.lt/• http://problemos.tinklas.vu.lt/• DokuWiki• http://www.epaslaugos.vu.lt/
2013-07-03 VU, ITTC
Questions
2013-07-03 VU, ITTC
Thank you for your attention!
2013-07-03 VU, ITTC